1) Is it sensible to even mention the idea of using a single public/private keypair shared amongst all developers? Such a configuration would seem to be so very needlessly insecure that I would not even talk about it.

2) Where a line in authorized keys is mentioned, it is described as `ssh-<type> <key>` - I'm not sure it actually makes it clearer to try to decompose the key into parts. I'd imagine that the majority of users would consider the entire line, from ssh-rsa or ssh-dss onwards to be the key. (Also there's a possibility that some users might still be using v1 numeric keys, though they really shouldn't by now.) Another issue is that, for dsa keys, the 'type' you pass to ssh-keygen is "dsa" but the ID token in authorized_keys is "ssh-dss". Maybe something like:
command="......" <normal-key-line>
would work?

2009/12/22 Max Bowsher <email address hidden>:
> Two thoughts:
>
> 1) Is it sensible to even mention the idea of using a single public/private keypair shared amongst all developers? Such a configuration would seem to be so very needlessly insecure that I would not even talk about it.